#!/bin/bash

set -o errexit

test_dir=$(realpath $(dirname $0))
. ${test_dir}/../functions

set_debug

function jq_filter() {
	local vault_root=$1
	jq -r "[ .[] | .=\"'$vault_root/\"+.+\"'\" ] | join(\", \")"
}

main() {
	create_infra $namespace

	vault1="vault-service-1-${RANDOM}"
	protocol="https"
	start_vault $vault1 $protocol
	token1=$(jq -r ".root_token" <"$tmp_dir/$vault1")
	ip1="$protocol://$vault1.$vault1.svc.cluster.local"

	cluster="some-name"
	spinup_pxc "$cluster" "$conf_dir/$cluster.yml"
	keyring_plugin_must_be_in_use "$cluster"
	table_must_be_encrypted "$cluster" "myApp"

	run_backup "$cluster" "on-demand-backup-pvc"
	run_recovery_check "$cluster" "on-demand-backup-pvc"
	check_pvc_md5
	table_must_be_encrypted "$cluster" "myApp"
	keyring_plugin_must_be_in_use "$cluster"

	if [ -z "$SKIP_REMOTE_BACKUPS" ]; then
		run_backup "$cluster" "on-demand-backup-aws-s3"
		run_recovery_check "$cluster" "on-demand-backup-aws-s3"
		table_must_be_encrypted "$cluster" "myApp"
		keyring_plugin_must_be_in_use "$cluster"
	fi

	mountpt=$(kubectl_bin get -f "$conf_dir/vault-secret.yaml" -o json | egrep -o "secret_mount_point = \w+" | awk -F "=[ ]*" '{print $2}')
	transition_keys=$(kubectl_bin exec --namespace="$vault1" -it $vault1-0 -- sh -c "
        VAULT_TOKEN=$token1 vault kv list -format=json $mountpt/backup/" \
		| jq_filter "$mountpt/backup/")

	vault2="vault-service-2-${RANDOM}"
	start_vault $vault2 $protocol
	token2=$(jq -r ".root_token" <"$tmp_dir/$vault2")
	ip2="$protocol://$vault2.$vault2.svc.cluster.local"

	kubectl_bin run -i --tty vault-cp --image=perconalab/vault-cp:latest --restart=Never -- sh -c "
        sed -i 's/token=cfg.old_token)/token=cfg.old_token, verify=False)/' /src/vault-cp.py \
        && sed -i 's/token=cfg.new_token)/token=cfg.new_token, verify=False)/' /src/vault-cp.py \
        && echo \"
old_url = '$ip1:8200'
old_token = '$token1'
new_url = '$ip2:8200'
new_token = '$token2'
secrets = [ $transition_keys ]
\" > /src/config.py
    python3 /src/vault-cp.py
    "

	run_recovery_check "$cluster" "on-demand-backup-pvc"
	table_must_be_encrypted "$cluster" "myApp"
	keyring_plugin_must_be_in_use "$cluster"

	if [ -z "$SKIP_REMOTE_BACKUPS" ]; then
		run_recovery_check "$cluster" "on-demand-backup-aws-s3"
		table_must_be_encrypted "$cluster" "myApp"
		keyring_plugin_must_be_in_use "$cluster"
	fi

	for i in $vault1 $vault2; do
		helm uninstall $i || :
		kubectl_bin delete --grace-period=0 --force=true namespace $i &
	done

	destroy $namespace
	desc "test passed"
}

main
